package org.baixin.tag;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;

import org.baixin.entity.User;
import org.baixin.utils.SecurityUtils;

public class SecurityTag extends TagSupport {
	
	/**
	 * 权限控制标识
	 */
	private Object authority;
	
	private HttpServletRequest request;

	@Override
	public int doEndTag() throws JspException {
		
		return super.doEndTag();
	}

	@Override
	public int doStartTag() throws JspException {
		request = (HttpServletRequest) pageContext.getRequest(); 
		User user = (User) request.getSession().getAttribute("login_user");
		if (null == user||!SecurityUtils.verify(user, authority.toString())) {
			return SKIP_BODY ;
		}
		return EVAL_PAGE;
	}

	public Object getAuthority() {
		return authority;
	}

	public void setAuthority(Object authority) {
		this.authority = authority;
	}
}
